For the archeologists: This site relaunched in 2015 with more helpful resources (see below).

Here at the Rails Security Project, I’m collecting useful articles and guides about Ruby on Rails security (and friends). Often, I’ll create a page with all information and links about a sub-topic (example).

There will be regular updates on this site once useful new resources are published on the interwebz. Subscribe to the newsletter below to hear about them first.

I try to avoid listing any resource that feels too spammy, too basic or that is an ad-hoc random piece of the puzzle.

I’m hoping this site will become a useful place for Rails developers of all levels.

About me

Hi! I’m Heiko Webers, a web application security specialist, author of the Rails Security Guide (earlier versions) and The Rails Security Strategy. I have run this website since 2007, first as a blog. In 2015 it relaunched as a community resource site.
In my Rails security audits I provide another pair of eyes. More details about auditing your own app here. I’m very interested in bootstrapping companies, and obviously Rails security.
Feel free to contact me with questions, if you have found an interesting resource, or just to say hello.